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DETAILED ACTION 

Claims 1-31 are pending for examination. 

Claims 1, 2, 6, 7, 10, 12, 13, 15-20, 23, and 27-31 are amended. 

Claims 1-31 are rejected. 

Claim Rejections - 35 USC § 101 

With reference to amended claims submitted 13 June 2008, examiner maintains 
previous rejection, as page 50, lines 14-16 include communications medium within 
computer readable medium. Examiner suggests further limiting claim or specification 
language to exclude communication medium. 

Response to Arguments 

1 . Applicant's arguments filed 13 June 2008 have been fully considered but they are 
not persuasive, as further discussed below. 

2. With regard to claim 6, applicant submits that cited reference Fink (US 6496 935) 
does not disclose the amended claim. Examiner disagrees. Figure 3 shows a flowchart 
for the packet forwarder, explained in further detail starting on column 9, line 20. In 
steps 4a and 5a, predetermined actions are taken on a packet and the packet is then 
forwarded to its destination. Inherent in this, especially step 5a, is a routing table for 
packet forwarding based on the destination address, as is well known in the art. 

3. With regard to claims 12 and 18, applicant submits that cited reference Fink does 
not teach "a routing table that makes a destination address of a packet associate with a 
next transfer destination." Examiner disagrees. Figure 3 shows a flowchart for the 
packet forwarder, explained in further detail starting on column 9, line 20. In steps 4a 
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and 5a, predetermined actions are taken on a packet and the packet is then forwarded 
to its destination. Inherent in this, especially step 5a, is a routing table for packet 
forwarding, as is well known in the art. 

4. With regard to claims 10, 16, 20, and 24, applicant submits that cited reference 
Foster (US 2003/0204618) does not disclose the limitations of the claims. Examiner 
disagrees, as further explained below. 

5. With regard to claims 1, 2, 4, 8, and 14, applicant submits that cited reference 
Foster does not disclose "a virtual interface that has address information associated 
with the network interface of the packet forwarder." Examiner disagrees. Page 3, 
paragraph [0014] shows that one or more VIC network interface cards may be 
associated with each network interface. 

6. Similar arguments are submitted with regard to claims 23, 27, and 31 as claims 
1, 2, 4, 8, and 14. The previous rejection is upheld with the same basis as previous 
rejections were upheld. 

Claim Rejections - 35 USC § 102 

7. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

8. Claims 6, 7, 12, 13, 18, and 19 are rejected under 35 U.S.C. 102(b) as being 
anticipated by US 6 496 935, Fink et al. 

9. As per claim 6, Fink teaches a packet forwarder which forwards a packet from its 
network interface to its other network interface according to its routing table that makes 
a destination address of a packet associate with a next transfer destination (Column 5, 
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lines 51-54, where the system routes according to filtering rules), comprising a received 
packet transfer unit that transmits a routing information packet received at the network 
interface to a packet control device that maintains the routing table of the packet 
forwarder using a routing process that generates the routing table based on routing 
information no the packet received at the network interface (column 9, lines 1-16, where 
the pre-filtering module receives packets from an external source, such as a MAC 
interface, and forwards the packet to the firewall through the firewall interface). 

1 0. As per claim 7, Fink teaches the packet forwarder according to claim 6, further 
comprising a routing table setting unit that receives the routing table from the packet 
control device, and that sets the routing table to the packet forwarder (Column 7, line 62 
through column 8, line 3, where the pre-filtering module contains a connection database 
which stores in its memory instructions from the firewall). 

11. As per claim 12, Fink teaches a method of maintaining a routing table of a packet 
forwarder (Column 7, line 62 through column 8, line 3, where the pre-filtering module 
contains a connection database which stores in its memory instructions from the 
firewall), the method comprising: 

receiving a routing information packet from a network interface of a packet 
forwarder (Figure 1 , where packets enter and leave the gateway through network 
interfaces before they are processed by the pre-filtering module and the firewall, 
also column 9, lines 1-16, where the pre-filtering module receives packets from 
an external source); and 
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transferring the routing information packet to a packet control device, wherein the 
routing table makes a destination address of a packet associate with a next 
transfer destination (Column 6, line 65 to column 7, line 1 6, where the firewall 
receives the packet and determines whether the packet should be permitted to 
enter and/or leave the network, also column 9, lines 1-16, where the pre-filtering 
module receives packets from an external source and forwards the packet to the 
firewall through the firewall interface). 

12. As per claim 1 3, Fink teaches the method according to claim 1 2, further 
comprising: 

receiving the routing table from a packet control device (Column 6, line 65 
through column 7, line 3, where the firewall passes the packet to the analysis 
module for determination of whether the packet is allowed); and 
setting the routing table to the packet forwarder (Column 7, lines 17-21 , where 
the relevant instructions for the packet are passed from the firewall to the pre- 
filtering module). 

1 3. As per claim 1 8, Fink teaches a computer-readable storage for controlling a 
computer, comprising computer program for maintaining a routing table of a packet 
forwarder, including computer executable instructions which, when executed by the 
computer (Column 3, line 63 through column 4, line 6, where the method can be 
implemented as software), cause the computer to perform: 

receiving a routing information packet from a network interface of the packet 
forwarder (Figure 1 , where packets enter and leave the gateway through network 
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interfaces before they are processed by the pre-filtering module and the firewall, 
also column 9, lines 1-16, where the pre-filtering module receives packets from 
an external source); and 

transferring the routing information packet to the packet control device, wherein 
the routing table makes a destination address of a packet associate with a next 
transfer destination (Column 6, line 65 to column 7, line 1 6, where the firewall 
receives the packet and determines whether the packet should be permitted to 
enter and/or leave the network, also column 9, lines 1-16, where the pre-filtering 
module receives packets from an external source and forwards the packet to the 
firewall through the firewall interface). 

14. As per claim 19, Fink teaches the computer-readable storage according to claim 
18, wherein the instructions further cause the computer to perform: 

receiving the routing table from a packet control device (Column 6, line 65 
through column 7, line 3, where the firewall passes the packet to the analysis 
module for determination of whether the packet is allowed); and 
setting the routing table to the packet forwarder (Column 7, lines 17-21 , where 
the relevant instructions for the packet are passed from the firewall to the pre- 
filtering module). 

15. Claims 10, 1 1 , 16, 17, 20, 24, and 28 are rejected under 35 U.S.C. 102(e) as 
being anticipated by US 2003/0204618, Foster et al. 

16. As per claim 1 0, Foster teaches a method of maintaining a routing table in a 
system that includes a packet forwarder and a packet control device, the packet 
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forwarder including a plurality of network interfaces (Figure 2A, where each packet 
forwarder has multiple connection interfaces), the packet control device including a 
plurality of network interface and a plurality of virtual interfaces each of the virtual 
interfaces having address information that is associated with one of the network 
interfaces of the packet forwarder (page 5, paragraph [0029], where the virtual identifier 
translation table reflects the IP ports related to the virtual interfaces of the VPN), the 
method comprising: 

dividing the network interfaces of the packet control device and the virtual 
interfaces into a plurality of groups (Figures 2B and 2C, where the virtual and real 
addresses are kept separately and routed accordingly); and 
maintaining a routing table of each for the groups using a routing process 
associated with each of the groups (Figures 2B and 2C, where the virtual and 
real addresses are kept separately and routed accordingly). 

1 7. As per claim 1 1 , Foster teaches the method according to claim 1 0, wherein the 
virtual interfaces are grouped for each packet forwarder, further comprising maintaining 
a routing table of each packet forwarder using a routing process associated with each of 
the virtual interfaces grouped (Page 5, paragraph [0029], where each IFM maintains a 
virtual identifier table for each of its ports). 

18. As per claim 1 6, Foster teaches a computer-readable storage for controlling a 
computer, comprising a computer program for maintaining a routing table (page 2, 
paragraph [0013], where the system is a software facility), the packet forwarder 
including a plurality of network interfaces (Figure 2A, where each packet forwarder has 
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multiple connection interfaces), the packet control device including a plurality of network 
interfaces and a plurality of virtual interfaces each of the virtual interfaces having 
address information that is associated with one of the network interfaces of the packet 
forwarder (page 5, paragraph [0029], where the virtual identifier translation table reflects 
the IP ports related to the virtual interfaces of the VPN), the computer program including 
computer executable instructions which, when executed by the computer, cause the 
computer to perform: 

dividing the network interfaces of the packet control device and the virtual 
interfaces into a plurality of groups (Figures 2B and 2C, where the virtual and real 
addresses are kept separately and routed accordingly); and 
maintaining a routing table of each of the groups using a routing process 
associated with each of the groups (Figures 2B and 2C, where the virtual and 
real addresses are kept separately and routed accordingly). 

1 9. As per claim 1 7, Foster teaches the computer-readable storage according to 
claim 16, wherein the virtual interfaces are grouped for each packet forwarder, and the 
instructions further cause the computer to perform maintaining a routing table of each 
packet forwarder using a routing process associated with each of the virtual interfaces 
grouped (Page 5, paragraph [0029], where each IFM maintains a virtual identifier table 
for each of its ports). 

20. As per claim 20, Foster teaches a router control device (abstract, where the 
system processes received data for routing through a network) comprising: 
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a virtual interface setting unit that creates and manages virtual interfaces on a 
router control device according to corresponding network interfaces of a 
forwarder, each of the virtual interfaces having address information that is 
associated with one of the network interfaces of the forwarder (Page 5, 
paragraph [0029], where the IFM maintains a virtual identifier table for each of its 
ports); 

a routing unit that generates a routing table for the forwarder based on routing 
information in routing information packets received at the network interface of the 
forwarder and transferred by the forwarder to the router control device (Figures 
2B and 2C and accompanying description beginning page 5, paragraph [0032], 
where the device forms routing information tables according to the source and 
destination identifiers); and 

a routing information storage unit that stores a routing table created and 
managed by the routing unit for packet forwarding between the virtual interfaces 
(Page 5, paragraph [0029], where each IFM contains a virtual identifier table for 
each of its ports). 

21 . As per claim 24, Foster teaches a method of maintaining a routing table 

(abstract), comprising: 

creating and managing virtual interfaces on a router control device according to 
corresponding network interfaces of a forwarder, each of the virtual interfaces 
having address information that is associated with one of the network interfaces 
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of the forwarder (Page 5, paragraph [0029], where the IFM maintains a virtual 
identifier table for each of its ports); 

generating a routing table for the forwarder based on routing information in 
routing information packets received at the network interface of the forwarder and 
transferred by the forwarder to the router control device (Figures 2B and 2C and 
accompanying description beginning page 5, paragraph [0032], where the device 
forms routing information tables according to the source and destination 
identifiers); and 

storing a routing table created and managed by the routing unit for packet 
forwarding between the virtual interfaces (Page 5, paragraph [0029], where each 
IFM contains a virtual identifier table for each of its ports). 
22. As per claim 28, Foster teaches a computer-readable storage for controlling a 
computer, comprising a computer program for maintaining a routing table (abstract), 
including computer executable instructions which, when executed by the computer, 
cause the computer to perform: 

creating and managing virtual interfaces on a router control device according to 
corresponding network interfaces of a forwarder, each of the virtual interfaces 
having address information that is associated with one of the network interfaces 
of the forwarder (Page 5, paragraph [0029], where the IFM maintains a virtual 
identifier table for each of its ports); 

generating a routing table for the forwarder based on routing information in 
routing information packets received at the network interface of the forwarder and 
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transferred by the forwarder to the router control device (Figures 2B and 2C and 
accompanying description beginning page 5, paragraph [0032], where the device 
forms routing information tables according to the source and destination 
identifiers); and 

storing a routing table created and managed by the routing unit for packet 
forwarding between the virtual interfaces (Page 5, paragraph [0029], where each 
IFM contains a virtual identifier table for each of its ports). 

Claim Rejections - 35 USC § 103 

23. Claims 1-5, 8, 9, 14, and 15 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over US 6496935, Fink et al and US 2003/0204618, Foster et al. 

24. As per claim 1 , Fink teaches a packet control system (abstract) comprising: 

a packet forwarder that transfers a packet received from a network interface to 

another network interface (Figure 1, pre-filtering module); and 

a packet control device that routes the packet using a routing process (Figure 1 , 

firewall 18, where the routing information is filter information), wherein 

the packet forwarder includes 

a received packet transfer unit that transmits to the packet control device a 
routing information packet received from the network interface (Column 6, 
line 65 to column 7, line 16, where the firewall receives the packet and 
determines whether the packet should be permitted to enter and/or leave 
the network), and wherein 
the packet control device includes 
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a transmitted packet reception unit that receives the routing information 
packet (Column 6, line 67, where the firewall inspects the packets, which 
thereby have been transferred from the pre-filtering module to the firewall), 
that associates the routing information packet with the interface (Column 
7, lines 2-4, where the firewall determines if the connection should be 
permitted to pass through the device interface), and that delivers the 
routing information packet to the routing process (Column 7, lines 1-4, 
where the analysis module performs the determination); and 
a transmitted packet transfer unit that receives the routing information 
packet sent by the routing process, and that transmits the routing 
information packet to the packet forwarder (Column 7, lines 17-21 , where 
the firewall passes the relevant instructions concerning the packet to the 
pre-filtering module). 
Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 
a virtual interface that has address information associated with the network 
interface of the packet forwarder (page 5, paragraph [0029], where the virtual 
identifier translation table reflects the IP ports related to the virtual interfaces of 
the VPN); and 



Application/Control Number: 10/781,792 Page 13 

Art Unit: 2144 

a transmitted packet reception unit that receives the routing information packet 
and that associates the routing information packet with the virtual interface 
(Figure 3, Virtual Identifier Translation Table 325). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
with the packet, including that of rewriting address fields (Column 7, line 1 1 ). One way 
of rewriting addresses involves using virtual addresses, which simplify routing, as they 
allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 

25. As per claim 2, Fink teaches a packet control device which constructs a routing 
table for a packet forwarder controlled by the packet control device, using a routing 
process running on the packet control device, the packet control device comprising: 
a transmitted packet reception unit that receives the routing information packet 
transmitted from the packet forwarder (Column 6, line 67, where the firewall 
inspects the packets, which thereby have been transferred from the pre-filtering 
module to the firewall), that associates the routing information packet with the 
interface corresponding to an incoming network interface of the packet forwarder 
(Column 7, lines 2-4, where the firewall determines if the connection should be 
permitted to pass through the device interface), and that transmits the routing 
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information packet to the routing process (Column 7, lines 1-4, where the 
analysis module performs the determination); and 

a transmitted packet transfer unit that receives the routing information packet 
sent by the routing process, and that transmits the routing information packet to 
the packet forwarder (Column 7, lines 17-21 , where the firewall passes the 
relevant instructions concerning the packet to the pre-filtering module). 
Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 
a virtual interface that has address information associated with the network 
interface of the packet forwarder (page 5, paragraph [0029], where the virtual 
identifier translation table reflects the IP ports related to the virtual interfaces of 
the VPN). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
with the packet, including that of rewriting address fields (column 7, line 1 1 ). One way of 
rewriting addresses involves using virtual addresses, which simplify routing, as they 
allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 
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26. As per claim 3, the combination of Fink and Foster teaches the packet control 
device according to claim 2, further comprising: 

a routing table transfer unit that acquires a routing table updated by the routing 
process, and that transmits the routing table to the packet forwarder (Fink 
teaches this limitation. Column 4, lines 51-55, where the firewall sends packet 
passage information to the pre-filtering module, which allows for forwarding and 
routing by the forwarder). 

27. As per claim 4, Fink teaches a packet control device which constructs a routing 
table for a packet forwarder controlled by the packet control device which determines an 
outgoing network interface of the packet received at an incoming network interface of 
the packet forwarder (column 5, lines 47-59, where the rule base establishes forwarding 
rules for packets, permitting them to be forwarded through to the output interface or 
dropping them if they violate the rules of the rule base), the packet control device 
comprising: 

a plurality of network interfaces (column 7, lines 28-32, where the pre-filtering 
module features a plurality of network interfaces). 
Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 

a plurality of virtual interfaces each having address information that is associated 
with one of the network interfaces of the packet forwarder (page 7, paragraph 
[0044], where the computing device uses virtual identifiers when transmitting and 
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receiving data communications), the network interfaces of the packet control 
device and the virtual interfaces being divided into a plurality of groups (page 5, 
paragraph [0029], where the virtual identifier translation table reflects the IP ports 
related to the virtual interfaces of the VPN), wherein 

the packet control device routes the packet using a routing process associated 
with each of the groups considering interfaces belongs to the groups to create a 
dedicated routing table for each, the each of the groups corresponds to a 
separate device (Figures 2B and 2C, where the virtual and real addresses are 
kept separately and routed accordingly). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
with the packet, including that of rewriting address fields (column 7, line 1 1 ). One way of 
rewriting addresses involves using virtual addresses, which simplify routing, as they 
allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 

28. As per claim 5, the combination of Fink and Foster teaches the packet control 
device according to claim 4, wherein the virtual interfaces are grouped for each packet 
forwarder, and the packet control device maintains routing tables using a routing 
process associated with each of the virtual interfaces grouped (Foster teaches this 
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limitation. Figures 2B and 2C, where each table uses different routing processes to 
make connections). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include separate routing tables for virtual and real addresses. Fink teaches that the 
analysis module of the firewall determines actions to take with the packet, including that 
of rewriting address fields (column 7, line 1 1 ). One way of rewriting addresses involves 
using virtual addresses, which simplify routing, as they allow a path to be reconfigured 
in a manner transparent to a source (Foster, page 3, paragraph [001 9]). This would be 
beneficial in Fink's system, as it would allow the firewall to work with another layer of 
security and simplicity, as well as the ability to work on various network types. 
29. As per claim 8, Fink teaches a method of maintaining a routing table using a 
routing process (abstract, where the pre-filtering module performs a limited set of 
actions with packets previously permitted by the firewall), the method comprising: 

receiving a routing information packet which is received by a packet forwarder 
(column 8, lines 12-15, where the pre-filtering module sends information to the 
firewall for processing); 

delivering the routing information packet to the routing process (column 6, line 65 
through column 7, line 3, where the firewall passes the packet to the analysis 
module for determination of whether the packet is allowed); 
receiving the routing information packet sent by the routing process (column 7, 
lines 17-21, where the firewall forwards the relevant instructions to the pre- 
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filtering module, inherently receiving them from the analysis module for 
forwarding); and 

transmitting the routing information packet to the packet forwarder for 
transmitting from its network interface (column 7, lines 17-21, where the firewall 
forwards the relevant instructions for the packet to the pre-filtering module). 
Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 
associating the routing information packet with a virtual interface that has 
address information associated with a network interface of the packet forwarder 
(page 5, paragraph [0029], where the virtual identifier translation table reflects 
the IP ports related to the virtual interfaces of the VPN). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
with the packet, including that of rewriting address fields (Column 7, line 1 1 ). One way 
of rewriting addresses involves using virtual addresses, which simplify routing, as they 
allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 
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30. As per claim 9, the combination of Fink and Foster teaches the method according 
to claim 8, further comprising: 

acquiring a routing table updated by the routing process (Fink teaches this 
limitation. Column 6, line 65 through column 7, line 21, where the analysis 
module makes determinations, which are passed on by the firewall to the pre- 
filtering module); and 

transmitting the routing table to the packet forwarder (Fink teaches this limitation. 
Column 7, line 62 through column 8, line 3, where the pre-filtering module 
contains a connection database which stores in its memory instructions from the 
firewall). 

31 . As per claim 14, Fink teaches a computer-readable storage for controlling a 
computer, comprising a computer program for routing a packet using a routing process, 
including computer executable instructions which, when executed by the computer 
(Column 3, line 63 through column 4, line 6, where the method can be implemented as 
software), cause the computer to perform: 

receiving a routing information packet from a network interface of a packet 
forwarder (Figure 1 , where packets enter and leave the gateway through network 
interfaces before they are processed by the pre-filtering module and the firewall); 
transmitting the routing information packet to a packet control device (Column 6, 
line 65 to column 7, line 16, where the firewall receives the packet and 
determines whether the packet should be permitted to enter and/or leave the 
network); 
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receiving the routing information packet from the packet forwarder (Figure 3, step 
4b, where the packet is received by firewall from pre-filtering module); 
transmitting the routing information packet to the routing process (column 6, line 
65 through column 7, line 3, where the firewall passes the packet to the analysis 
module for determination of whether the packet is allowed); 
receiving the routing information packet transmitted from the routing process 
(column 7, lines 17-21 , where the firewall forwards the relevant instructions to the 
pre-filtering module, inherently receiving them from the analysis module for 
forwarding); and 

transmitting the routing information packet to the packet forwarder (column 7, 
lines 17-21 , where the firewall forwards the relevant instructions for the packet to 
the pre-filtering module). 
Fink does not teach a specific rule or routing scheme to use with the firewall, only 
references a general set of rules. Foster teaches a system that uses virtual identifiers to 
process data routed through a network wherein the packet control device includes: 
associating the routing information packet with a virtual interface that has 
address information associated with the network interface (page 5, paragraph 
[0029], where the virtual identifier translation table reflects the IP ports related to 
the virtual interfaces of the VPN). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a virtual routing table such as that Foster teaches in the firewall system of 
Fink. Fink teaches that the analysis module of the firewall determines actions to take 
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with the packet, including that of rewriting address fields (Column 7, line 1 1 ). One way 
of rewriting addresses involves using virtual addresses, which simplify routing, as they 
allow a path to be reconfigured in a manner transparent to a source (Foster, page 3, 
paragraph [0019]). This would be beneficial in Fink's system, as it would allow the 
firewall to work with another layer of security and simplicity, as well as the ability to work 
on various network types. 

32. As per claim 1 5, the combination of Fink and Foster teaches the computer- 
readable storage according to claim 14, wherein the instructions further cause the 
computer to perform: 

acquiring a routing table updated by the routing process (Fink teaches this 
limitation. Column 7, line 62 through column 8, line 3, where the pre-filtering 
module contains a connection database which stores in its memory instructions 
from the firewall); and 

transmitting the routing table to the packet forwarder (Fink teaches this limitation. 
Column 4, lines 51-55, where the firewall sends packet passage information to 
the pre-filtering module, which allows for forwarding and routing by the 
forwarder). 

33. Claims 21 , 22, 25, 26, 29, and 30 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over US 2003/0204618, Foster et al as applied to claims 20, 24, and 28 
above, and further in view of US 6 272 522, Lin et al. 

34. As per claim 21 , Foster teaches the router control device according to claim 20. 
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Foster does not teach a specific method of generating or updating the routing tables for 
his system. Lin teaches a method of routing within a packet switching system 
comprising: 

a tunnel transfer unit that transfers the routing information packet via a 
communication path that connects between the network interface and the virtual 
interface (Column 10, lines 17-42, where the packet is sent from the network 
interface of the switching processor to the virtual interface of the control 
processor), wherein 

the routing information storage unit stores the routing information in the routing 
information packet transferred by the tunnel transfer unit (Column 6, lines 43-54, 
where the raw load data is sent to the master module to determine the new load 
balancing), and 

the routing unit generates the routing table for the forwarder based on the routing 
information stored in the routing information storage unit (Column 6, lines 4-6, 
where the control processor writes the new load balancing information into the 
shared memory for use by the switching processor). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a control processor for generating and updating the routing tables such as 
that disclosed by Lin in the routing system as taught by Foster. A central control 
processor Such as that in Lin allows the system to work faster, making the routing and 
switching able to occur more efficiently, as they can occur simultaneously (Lin, column 
7, lines 18-24). 
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35. As per claim 22, Foster teaches the router control device according to claim 20. 
Foster does not teach a specific method of generating or updating the routing tables for 
his system. Lin teaches a method of routing within a packet switching system 
comprising: 

a routing table transmission unit that acquires the routing table and that transmits 
the routing table to the forwarder (Column 6, lines 4-6, where the distribution data 
is written into the shared memory for use by the switching processor), wherein 
the routing unit generates the routing table for the forwarder based on the routing 
information stored in the routing information storage unit (Column 6, lines 55-60, 
where the switching processor accesses the routing table stored in the shared 
memory). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a control processor for generating and updating the routing tables such as 
that disclosed by Lin in the routing system as taught by Foster. A central control 
processor Such as that in Lin allows the system to work faster, making the routing and 
switching able to occur more efficiently, as they can occur simultaneously (Lin, column 
7, lines 18-24). 

36. As per claim 25, Foster teaches the method according to claim 24. 

Foster does not teach a specific method of generating or updating the routing tables for 
his system. Lin teaches a method of routing within a packet switching system 
comprising: 
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transferring the routing information packet via a communication path that 
connects between the network interface and the virtual interface (Column 10, 
lines 17-42, where the packet is sent from the network interface of the switching 
processor to the virtual interface of the control processor), wherein 

the storing includes storing the routing information in the routing 
information packet transferred by the tunnel transfer unit (Column 6, lines 
43-54, where the raw load data is sent to the master module to determine 
the new load balancing), and 

the generating includes generating the routing table for the forwarder 
based on the routing information stored (Column 6, lines 4-6, where the 
control processor writes the new load balancing information into the 
shared memory for use by the switching processor). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a control processor for generating and updating the routing tables such as 
that disclosed by Lin in the routing system as taught by Foster. A central control 
processor Such as that in Lin allows the system to work faster, making the routing and 
switching able to occur more efficiently, as they can occur simultaneously (Lin, column 
7, lines 18-24). 

37. As per claim 26, Foster teaches the method according to claim 24. 

Foster does not teach a specific method of generating or updating the routing tables for 

his system. Lin teaches a method of routing within a packet switching system 

comprising: 
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acquiring the routing table (Column 6, lines 4-6, where the distribution data is 
written into the shared memory for use by the switching processor); and 
transmitting the routing table to the forwarder (Column 6, lines 4-6, where the 
distribution data is written into the shared memory for use by the switching 
processor), wherein 

the generating includes generating the routing table for the forwarder based on 
the routing information stored (Column 6, lines 55-60, where the switching 
processor accesses the routing table stored in the shared memory). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a control processor for generating and updating the routing tables such as 
that disclosed by Lin in the routing system as taught by Foster. A central control 
processor Such as that in Lin allows the system to work faster, making the routing and 
switching able to occur more efficiently, as they can occur simultaneously (Lin, column 
7, lines 18-24). 

38. As per claim 29, Foster teaches the computer-readable storage according to 
claim 28. 

Foster does not teach a specific method of generating or updating the routing tables for 
his system. Lin teaches a method of routing within a packet switching system wherein: 
instructions further cause the computer to perform transferring the routing 
information packet via a communication path that connects between the network 
interface and the virtual interface (Column 10, lines 17-42, where the packet is 
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sent from the network interface of the switching processor to the virtual interface 
of the control processor), wherein 

the storing includes storing the routing information in the routing information 
packet transferred by the tunnel transfer unit (Column 6, lines 43-54, where the 
raw load data is sent to the master module to determine the new load balancing), 
and 

the generating includes generating the routing table for the forwarder based on 
the routing information stored (Column 6, lines 4-6, where the control processor 
writes the new load balancing information into the shared memory for use by the 
switching processor). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a control processor for generating and updating the routing tables such as 
that disclosed by Lin in the routing system as taught by Foster. A central control 
processor Such as that in Lin allows the system to work faster, making the routing and 
switching able to occur more efficiently, as they can occur simultaneously (Lin, column 
7, lines 18-24). 

39. As per claim 30, Foster teaches the computer-readable storage according to 
claim 28. 

Foster does not teach a specific method of generating or updating the routing tables for 
his system. Lin teaches a method of routing within a packet switching system wherein: 
the instructions further cause the computer to perform: 
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acquiring the routing table (Column 6, lines 4-6, where the distribution 
data is written into the shared memory for use by the switching processor); 
and 

transmitting the routing table to the forwarder (Column 6, lines 4-6, where 
the distribution data is written into the shared memory for use by the 
switching processor), wherein 

the generating includes generating the routing table for the forwarder 
based on the routing information stored (Column 6, lines 55-60, where the 
switching processor accesses the routing table stored in the shared 
memory). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to include a control processor for generating and updating the routing tables such as 
that disclosed by Lin in the routing system as taught by Foster. A central control 
processor Such as that in Lin allows the system to work faster, making the routing and 
switching able to occur more efficiently, as they can occur simultaneously (Lin, column 
7, lines 18-24). 

40. Claims 23, 27, and 31 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over US 2003/0204618, Foster et al and US 6 272 522, Lin et al. 

41 . As per claim 23, Lin teaches a router control system which includes a forwarder 
and a router control device (Figure 1 , pre-filtering module and firewall), wherein 

the router control device includes 
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a tunnel transfer unit that transfers the routing information packet via a 
communication path that connects between the network interface and the 
virtual interface (Column 10, lines 17-42, where the packet is sent from the 
network interface of the switching processor to the virtual interface of the 
control processor); 

a routing unit that generates the routing table for the forwarder based on 
the routing information stored in the routing information storage unit 
(Column 2, line 66, through column 3, line 3, where the control processor 
server to generate configuration information for the switching processors); 
and 

the routing table transmission unit that acquires the routing table, and transmits 
the routing table to the forwarder (Column 6, lines 4-6, where the distribution data 
is written into the shared memory for use by the switching processor), and 
the forwarder forwards a packet from its network interface to its other network 
interface according to its routing table (abstract, where the switching processors 
route received packets through to an external network), and includes a received 
packet transfer unit that transmits a routing information packet received at the 
network interface to the router control device that maintains the routing table of 
the forwarder using a routing process (Column 6, lines 43-54, where the raw load 
data is sent to the control processor, and after the data is processed, it is written 
into shared memory and used by the switching processors (Column 6, lines 4-6)). 
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Lin does not teach a virtual interface method for use with his routing system. Foster 
teaches a system that routes packets using virtual identifier, where the router control 
device includes: 

a virtual interface setting unit that that creates and manages virtual 
interfaces on a router control device according to corresponding network 
interfaces of a forwarder, each of the virtual interfaces having address 
information that is associated with one of the network interfaces of the 
forwarder (Page 5, paragraph [0029], where the IFM maintains a virtual 
identifier table for each of its ports); 

a routing information storage unit that stores routing information in the 
routing information packet transferred by the tunnel transfer unit (Page 5, 
paragraph [0029], where each IFM contains a virtual identifier table for 
each of its ports). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to use a virtual addressing method such as that taught by Foster in the system 
disclosed by Lin. Lin's system effectively reroutes packets, regardless of the packet 
type. Foster's virtual identifier method would simplify routing, as it allows a path to be 
reconfigured in a manner transparent to a source (Foster, page 3, paragraph [0019]). 
This would be beneficial in Lin's system, as it would allow the routing table to work with 
virtual as well as physical addresses, making it more versatile. 
42. As per claim 27, Lin teaches a method of maintaining a routing table (Figure 1 , 
pre-filtering module and firewall), comprising: 
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transferring the routing information packet by tunneling via a communication path 
that connects between the network interface and the virtual interface (Column 10, 
lines 17-42, where the packet is sent from the network interface of the switching 
processor to the virtual interface of the control processor); 
generating a routing table for the forwarder based on the routing information 
stored (Column 2, line 66, through column 3, line 3, where the control processor 
server to generate configuration information for the switching processors); 
acquiring the routing table (Column 6, lines 4-6, where the distribution data is 
written into the shared memory for use by the switching processor); 
transmitting the routing table to the forwarder (Column 6, lines 4-6, where the 
distribution data is written into the shared memory for use by the switching 
processor); 

forwarding a packet from a network interface of the forwarder to other network 
interface of the forwarder according to a routing table of the forwarder (abstract, 
where the switching processors route received packets through to an external 
network); and 

transmitting a routing information packet received at the network interface of the 
forwarder to the router control device that maintains the routing table of the 
forwarder using a routing process (Column 6, lines 43-54, where the raw load 
data is sent to the control processor, and after the data is processed, it is written 
into shared memory and used by the switching processors (Column 6, lines 4-6)). 
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Lin does not teach a virtual interface method for use with his routing system. Foster 
teaches a system that routes packets using virtual identifier, where the router control 
device includes: 

creating and managing virtual interfaces on a router control device according to 
corresponding network interfaces of a forwarder, each of the virtual interfaces 
having address information that is associated with one of the network interfaces 
of the forwarder (Page 5, paragraph [0029], where the IFM maintains a virtual 
identifier table for each of its ports); 

storing routing information on the routing information in the routing information 
packet transferred (Page 5, paragraph [0029], where each IFM contains a virtual 
identifier table for each of its ports). 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to use a virtual addressing method such as that taught by Foster in the system 
disclosed by Lin. Lin's system effectively reroutes packets, regardless of the packet 
type. Foster's virtual identifier method would simplify routing, as it allows a path to be 
reconfigured in a manner transparent to a source (Foster, page 3, paragraph [0019]). 
This would be beneficial in Lin's system, as it would allow the routing table to work with 
virtual as well as physical addresses, making it more versatile. 
43. As per claim 31 , Lin teaches a computer-readable storage for controlling a 
computer, comprising a computer program for maintaining a routing table, including 
computer executable instructions stored on a computer readable medium, wherein the 
instructions, when executed by the computer, cause the computer to perform: 
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transferring a routing information packet by tunneling via a communication path 
that connects between the network interface and the virtual interface (Column 10, 
lines 17-42, where the packet is sent from the network interface of the switching 
processor to the virtual interface of the control processor); 
generating a routing table for the forwarder based on the routing information 
stored (Column 2, line 66, through column 3, line 3, where the control processor 
server to generate configuration information for the switching processors); 
acquiring the routing table (Column 6, lines 4-6, where the distribution data is 
written into the shared memory for use by the switching processor); 
transmitting the routing table to the forwarder (Column 6, lines 4-6, where the 
distribution data is written into the shared memory for use by the switching 
processor); 

forwarding a packet from a network interface of the forwarder to another network 
interface of the forwarder according to a routing table of the forwarder (abstract, 
where the switching processors route received packets through to an external 
network); and 

transmitting a routing information packet received at the network interface of the 
forwarder to the router control device that maintains the routing table of the 
forwarder using a routing process (Column 6, lines 43-54, where the raw load 
data is sent to the control processor, and after the data is processed, it is written 
into shared memory and used by the switching processors (Column 6, lines 4-6)). 
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Lin does not teach a virtual interface method for use with his routing system. Foster 
teaches a system that routes packets using virtual identifier, where the router control 
device includes: 

creating and managing virtual interfaces on a router control device according to 
corresponding network interfaces of a forwarder, each of the virtual interfaces 
having address information that is associated with one of the network interfaces 
of the forwarder (Page 5, paragraph [0029], where the IFM maintains a virtual 
identifier table for each of its ports); 

storing routing information on the routing information in the routing information 
packet transferred (Page 5, paragraph [0029], where each IFM contains a virtual 
identifier table for each of its ports); 
It would have been obvious to one of ordinary skill in the art at the time of the invention 
to use a virtual addressing method such as that taught by Foster in the system 
disclosed by Lin. Lin's system effectively reroutes packets, regardless of the packet 
type. Foster's virtual identifier method would simplify routing, as it allows a path to be 
reconfigured in a manner transparent to a source (Foster, page 3, paragraph [0019]). 
This would be beneficial in Lin's system, as it would allow the routing table to work with 
virtual as well as physical addresses, making it more versatile. 

Conclusion 

44. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 
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A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to THOMAS RICHARDSON whose telephone number is 
(571 ) 270-1 1 91 . The examiner can normally be reached on Monday through Thursday, 
8am-5pm EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William Vaughn can be reached on (571) 272-3922. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

TR 

9/10/2008 

/William C. Vaughn, Jr./ 

Supervisory Patent Examiner, Art Unit 2144 



